Today i've noticed a strange behaviour of HA pair of Pa820 (panos 8.1.6) in Active passive configuration.
In the dashboard page i've noticed the running config not in sync with peer.
So i checked the differences with the diff button and i discovered that master node want to replace its own ha settings on the slave node.
And also the management ip!
Of course i've not pushed the sync but i'm worried about such state of the firewall.
You don't have to worry about these entries when you click to manually sync the configuration. For some reason there is something that make the firewall show that it is no longer in sync even while it looks like there is everythinh good (as long as thats all on your screenshot). To have them in sync again you need to click this sync button. The management IP and HA settings aren't synced between active/passive firewalls. The full list of configurations and settings that aren't synced between the firewalls you can find here: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/high-availability/reference-ha-synchroniza...
However sometimes ago i experienced for two times on two different pair of ha clusters that the master and slave were running the same HA config but fortunately the managemnt ip was not affected and i was able to restore the correct config.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!